Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f846539f8f84b89…

MALICIOUS

PDF

Size: 41.5 KB
Created: 2019-03-17 13:11:24 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows))
MD5: 5150a3af76ce584d4c0fc6fa3b9dd3e2
SHA-1: fc0ee5d437284d6608742866e2b59efd91887444
SHA-256: 5f846539f8f84b897f53053a5417dd5535cbee3be88b03cf9a9aa09c8197843c
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The ML classifier also flagged this PDF as malicious. The primary attack pattern observed is the creation of a link farm designed to direct users to a large number of external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8872

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.